Everything seems to be working well, and I have followed all of the 
instructions in the following link for ossec to decode mysql logs and alert 
on rules. https://groups.google.com/forum/#!topic/ossec-list/u4uXvPnGhQ4

I am a little perplexed because everything else seems to be working. 
Troubleshooting: I am trying to login to the mysql-server with an invalid 
username or password. The error message should read "Access denied for 
1. I see these lines in /var/log/mysql/error.log
2. I have enabled debugging level 2 and see that the agent is collecting 
logs for /var/logs/mysql/error.log
3. On the server, I have included the rules file mysql_rules
4. On the agent in agent.conf, I have included the lines:
5. I have restarted both server and agent multiple times
6. I receive real time monitoring alerts on file changes and sudo 
open/closed sessions
7. I receive alerts from the default setup about failed ssh access attempts 
but not mysql
8. It's strange I get some alerts about sudo access (level 3) and ssh 
access attempts (level 5) but not file changes (I guess this is separate 
unless there is a delay for mysql rules I'm not aware of).

Did I miss something to enable mysql alerts?


You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to